2 matches found
UNION Query-based SQL Injection Over HTTP Traffic (CVE-2018-17254; CVE-2020-18144; CVE-2020-29283; CVE-2020-29287; CVE-2020-29288; CVE-2020-35430; CVE-2021-24285)
UNION Query-based SQL Injection Over HTTP Traffic...
CVE-2020-29288
CVE-2020-29288 affects the Gym Management System via manage_user.php, where the GET parameter id is vulnerable to SQL injection. The CVSS metrics indicate a high-severity issue: CVSS v3.1 base score 9.8 (CRITICAL) with NETWORK attack vector, LOW attack complexity, and impact to confidentiality, i...